Information Systems and Technology Security
Change Advisory Board Charter
Document History
Copyright © [Creation Date] [Company Name]
All rights reserved. This document is for internal use only. No part of the contents of this
document may be reproduced or transmitted in any form or by any means without
the expressed written permission of [Company Name].
Change Advisory Board Charter
The intent of the Change Advisory Board Charter (Charter) is to establish a
common understanding of the function, roles, and responsibilities of the Change
Advisory Board. Adoption of the Charter indicates agreement with the purpose
and overview as described herein. Each Change Advisory Board member
agrees to rely on the Charter as the basis for determining and fulfilling all actions
executed on behalf of the Change Advisory Board. The Charter will be
reviewed and approved annually by the Company Chairman or its designee.
1. Scope
The Change Advisory Board (CAB) is established to communicate, coordinate,
and certify all changes that are scheduled to be implemented into the
Information Technology (IT) production environment within [Company Name].
This task is accomplished by providing a forum whereby representatives from all
IT areas are made aware of changes that could directly, or inadvertently,
impact their respective areas. Openly discussing these changes prior to
implementation allows IT to be more proactive, as opposed to reactive, in
preparing for the deployment and implementation of change.
The CAB also aids compliance with fundamental audit practices as they
pertain to the receipt and review of approvals of the changes prior to
implementation into a production environment. The CAB will channel all
changes through a centralized location from which any information regarding
changes can be easily obtained.
2. Requirements
The CAB shall meet weekly and will be facilitated by a representative of the
Information Systems and Technology Security (InfoSec) group. The InfoSec
representative will provide the CAB with the meeting agenda, meeting minutes,
and a weekly CAB report. All information provided in the CAB report is extracted
from the Support Request System after [Time] on each [Day of Week] prior to the
weekly Friday meeting. For more information, please refer to the Meeting
Agenda section of this document.
a. Membership and Attendees
The CAB will be composed of members from Senior IT Management
with representation from each major IT Division with tie breaker
authority from the Chief Information Security Officer. The meeting
cannot take place unless the majority of voting members are in
attendance.
b. CAB Members
- Chief Security Officer, Chair *
- Chief Information Officer *
- Chief of Product Development *
- Infrastructure Team Leader
CAB Attendees
- Individuals in the IT Change Control distribution group who are
not listed above.
* Denotes Voting Members
c. Meeting
The CAB members may approve or reject any request, as they deem
necessary. A majority of the voting members or designates in
attendance will be required to approve any and all business presented
to the CAB.
The InfoSec representative will certify each change control ticket
request that meets the criteria for certification. This will signify
approval for the project implementation. Any member of the CAB may
request additional testing, training, evaluation or other tasks necessary
to ensure a successful implementation. The scope of such additional
tasks must be defined with an agreed upon completion date.
Minutes to record attendance of the voting CAB members and
decision(s) will be archived on the Company [Company Work Order
System] for historical reference and evidence of review for change
control purposes.
d. Meeting Agenda
The following table outlines the general weekly agenda for the weekly
CAB meeting. The specific weekly agenda, minutes, and CAB report
will be distributed prior to each weekly meeting.
The meeting facilitator will request that a voting member make a motion
to accept the CAB report as presented, along with all noted
modifications. A second will be requested and a vote of all members will
be taken with objections documented.
3. Responsibilities
The [Security Executive's Supervisor Title] or its designee is the approval authority
for the Change Advisory Board Charter.
The [Security Executive's Title] is responsible for the development,
implementation, and maintenance of the Change Advisory Board Charter and
associated standards and guidelines.
Company management is accountable for ensuring that the Change Advisory
Board Charter and associated standards and guidelines are properly
communicated and understood within their respective organizational units.
Company management is also responsible for defining, approving, and
implementing procedures in its organizational units and ensuring their
consistency with the Acceptable Use Standard and associated standards and
guidelines.
All individuals, groups, or organizations identified in the scope of this policy are
responsible for familiarizing themselves and complying with the Change Advisory
Board Charter and associated standards and guidelines.
4. Enforcement and Exception Handling
Failure to comply with the Change Advisory Board Charter and associated
standards, guidelines, and procedures can result in disciplinary actions up to
and including termination of employment for employees or termination of
contracts for contractors, partners, consultants, and other entities. Legal actions
also may be taken for violations of applicable regulations and laws.
Requests for exceptions to the Change Advisory Board Charter should be
submitted to the [Company Name] [Security Executive's Title]. Exceptions shall
be permitted only on receipt of written approval from the [Security Executive's
Title]. The [Security Executive's Title] will periodically report current status to the
[Company Name] [Security Executive's Supervisor Title] or its designee.
5. Review and Revision
The Change Advisory Board Charter will be reviewed and revised in
accordance with the Information Security Program Charter.
Recommended: ________________________
Signature
[Name]
[Security Executive's Supervisor Title]
Approved: ____________________________
Signature
[Name]
[Security Executive's Supervisor Title]